Merge branch 'PHP-7.2'

2 files changed, 25 insertions, 3 deletions

diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index 0b5381624a..c3e229bfb6 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -3817,6 +3817,9 @@ static EVP_PKEY * php_openssl_evp_from_zval(
 
 		if (Z_STRLEN_P(val) > 7 && memcmp(Z_STRVAL_P(val), "file://", sizeof("file://") - 1) == 0) {
 			filename = Z_STRVAL_P(val) + (sizeof("file://") - 1);
+			if (php_openssl_open_base_dir_chk(filename)) {
+				TMP_CLEAN;
+			}
 		}
 		/* it's an X509 file/cert of some kind, and we need to extract the data from that */
 		if (public_key) {
@@ -3843,9 +3846,6 @@ static EVP_PKEY * php_openssl_evp_from_zval(
 			BIO *in;
 
 			if (filename) {
-				if (php_openssl_open_base_dir_chk(filename)) {
-					TMP_CLEAN;
-				}
 				in = BIO_new_file(filename, PHP_OPENSSL_BIO_MODE_R(PKCS7_BINARY));
 			} else {
 				in = BIO_new_mem_buf(Z_STRVAL_P(val), (int)Z_STRLEN_P(val));
diff --git a/ext/openssl/tests/bug76296.phpt b/ext/openssl/tests/bug76296.phpt
new file mode 100644
index 0000000000..7ab15dfbf3
--- /dev/null
+++ b/ext/openssl/tests/bug76296.phpt
@@ -0,0 +1,22 @@
+--TEST--
+Bug #76296 openssl_pkey_get_public does not respect open_basedir
+--SKIPIF--
+<?php if (!extension_loaded("openssl")) print "skip"; ?>
+--FILE--
+<?php
+$dir = __DIR__ . '/bug76296_openbasedir';
+$pem = 'file://' . __DIR__ . '/public.key';
+if (!is_dir($dir)) {
+	mkdir($dir);
+}
+
+ini_set('open_basedir', $dir);
+
+var_dump(openssl_pkey_get_public($pem));
+?>
+--EXPECTF--
+
+Warning: openssl_pkey_get_public(): open_basedir restriction in effect. File(%s) is not within the allowed path(s): (%s) in %s on line %d
+bool(false)
+--CLEAN--
+@rmdir(__DIR__ . '/bug76296_openbasedir');